Published: 11/05/2005 Updated: 17/05/2024

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote malicious users to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable

Vulnerable Product	Search on Vulmon	Subscribe to Product
fishnet fishcart 3.1

source: wwwsecurityfocuscom/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input A successful exploit of the SQL-injection issues could allow an attacker to compromise the application, access or modify data, or explo ...

source: wwwsecurityfocuscom/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input A successful exploit of the SQL-injection issues could allow an attacker to compromise the application, access or modify data, or exp ...

CWE-89 http://www.digitalparadox.org/advisories/fishc.txt http://www.securityfocus.com/bid/13499 http://secunia.com/advisories/15232/http://www.osvdb.org/16282 http://www.osvdb.org/16283 http://marc.info/?l=bugtraq&m=111530799109755&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/20386 http://www.securityfocus.com/archive/1/457754/100/200/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/25603/

CVE-2005-1487

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect